﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Data;
using System.Web.Security;

namespace FIleForensics
{
    public partial class chgPassword : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {

        }

        protected void btnChangePass_Click(object sender, EventArgs e)
        {
            string oldPass = FormsAuthentication.HashPasswordForStoringInConfigFile(this.txtOldPass.Text, "sha1");
            string newPass = FormsAuthentication.HashPasswordForStoringInConfigFile(this.txtNewPass.Text, "sha1");
            
            string connString = "Data Source=.\\SQLEXPRESS;AttachDbFilename=C:\\Users\\jwilson\\Documents\\Visual Studio 2010\\Projects\\Course Work 2\\FIleForensics\\App_Data\\FileForensic.mdf;Integrated Security=True;User Instance=True";

            SqlConnection conn = new SqlConnection(connString);

            SqlCommand changePass = new SqlCommand("UPDATE LogIn SET Password = @password WHERE Username = @Username", conn);
            changePass.Parameters.Add("@Username", SqlDbType.NVarChar).Value = Session["User"];
            changePass.Parameters.Add("@Password", SqlDbType.NVarChar).Value = newPass;

            SqlCommand chkPass = new SqlCommand("SELECT password FROM LogIn WHERE Username = @Username", conn);
            chkPass.Parameters.Add("@Username", SqlDbType.NVarChar).Value = Session["User"];
            
            conn.Open();
            string oldPassChk = (string)chkPass.ExecuteScalar();
            conn.Close();

            if (oldPassChk == oldPass && txtNewPass.Text == txtChkNewPass.Text)
            {
                conn.Open();
                changePass.ExecuteNonQuery();
                conn.Close();
            }
        }
    }
}